Remote file inclusion

PHP remote file inclusion vulnerability in install/index.php in BlooFoxCMS 0.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the contentphp parameter. NOTE: this issue has been disputed by a reliable third party, stating that contentphp is initialized before use...

CVE-2007-2317

Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter to bbplugins.php in 1 components/minibb/ or 2...

CVE-2007-2307

PHP remote file inclusion vulnerability in engine/engine.inc.php in WebKalk2 1.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter...

CVE-2007-2258

PHP remote file inclusion vulnerability in includes/init.inc.php in PHPMyBibli allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter...

CVE-2007-2255

Multiple PHP remote file inclusion vulnerabilities in Download-Engine 1.4.3 allow remote attackers to execute arbitrary PHP code via a URL in the 1 engdir parameter to addmember.php, 2 langpath parameter to admin/enginelib/class.phpmailer.php, and the 3 spawroot parameter to...

Remote file inclusion

PHP remote file inclusion vulnerability in lib/pcltar.lib.php aka pcltar.php in the PclTar module 1.3 and 1.3.1 for Vincent Blavet PhpConcept Library, as used in multiple products including 1 Joomla! 1.5.0 Beta, 2 N/X Web Content Management System WCMS 4.5, 3 CJG EXPLORER PRO 3.3, and 4...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-2189

PHP remote file inclusion vulnerability in admin/adminalbumotf.php in the MX Smartor Full Album Pack FAP 2.0 RC1 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbbrootpath parameter...

CVE-2007-2190

PHP remote file inclusion vulnerability in admin/public/webpages.php in Eba News 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter...

CVE-2007-2181

PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter, a different product and vector than CVE-2005-0748...

Remote file inclusion

PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot osp 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter...

CVE-2007-2144

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack comjpack 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

CVE-2007-2140

PHP remote file inclusion vulnerability in everything.php in Franklin Huang Flip aka Flip-search-add-on 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the incpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the GJGALLincpath parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in includes/CAltInstaller.php in the JoomlaPack comjpack 1.0.4a2 RE component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter...

Code injection

The imagecomments function in classes.php in MiniGal b13 allow remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the 1 name or 2 email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

EUVD-2007-2151

Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic 0.9 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to 1 datumVonDatumBis.inc.php, 2 footer.inc.php, 3 header.inc.php, and 4 stylesheets.php in templates/; and 5 wochenuebersicht.inc.php, 6...

CVE-2007-2092

Direct static code injection vulnerability in index.php in Limesoft Guestbook LS Simple Guestbook allows remote attackers to inject arbitrary PHP code into posts.txt via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVE-2007-2095

PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 allows remote attackers to execute arbitrary PHP code via a URL in the myroot parameter, a different vector than CVE-2007-0498...

CVE-2007-2084

PHP remote file inclusion vulnerability in MobilePublisherphp 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the authmethod parameter to 1 index.php, 2 list.php, 3 postreview.php, 4 reindex.php, 5 sections.php, 6 templates.php, 7 userinfo.php, 8 users.php, and 9 view.php...